Re: [websec] Session Continuation = Session Bound State?

Harry Halpin <hhalpin@w3.org> Tue, 19 March 2013 14:21 UTC

Message-ID: <51487450.2060707@w3.org>
Date: Tue, 19 Mar 2013 15:21:04 +0100
From: Harry Halpin <hhalpin@w3.org>
To: Phillip Hallam-Baker <hallam@gmail.com>
References: <CAMm+Lwge7VBNWvWG01UN4j9=1nB+b8prusSVxgOpOcNLbZT8Sg@mail.gmail.com>
In-Reply-To: <CAMm+Lwge7VBNWvWG01UN4j9=1nB+b8prusSVxgOpOcNLbZT8Sg@mail.gmail.com>
Cc: websec <websec@ietf.org>
Subject: Re: [websec] Session Continuation = Session Bound State?

On 03/14/2013 04:49 AM, Phillip Hallam-Baker wrote:
> The main substantive query that seemed to be raised in the meeting was
> what we are going to call this session continuation thing. I am not
> that worried about confusion with HTTP-Auth. Folk who know, know.
>
> But one of the objectives here is to replace cookies. So choosing a
> name that positions the spec as a successor to authentication cookies
> is actually quite important.
>
>
> How about Session Bound State as the term of art?
>

For those of us who weren't at the meeting, can we get a summary or a pointer?

   cheers,
     harry